Clari5

Asia’s Growing Financial Crime – Shielding from the Growing Threat


‘Attempted heist of $1 billion by unidentified hackers’ the shot rang out across the financial world which experienced first-hand the tremors of cybercrime.
The yet to be identified hackers made off with $81 million and embroiled Rizal Commercial Banking Corporation (the bank used as a conduit for the heist), in penalties totaling 1P billion imposed by Bangko Sentral ng Pilipinas (BSP).

Meanwhile, the Monetary Authority of Singapore (MAS) fined DBS and UBS (2 of their biggest banks) amounts totaling $4 million for alleged money-laundering activities connected with Malaysian sovereign fund 1MDB.

Banks across China to Singapore to Philippines to smaller nations, are regularly falling prey to cybercrime, banking fraud and money laundering.

Let’s take a closer look at 5 prominent examples from recent survey reports and a few doable ideas to start beating the threat.

China
China was one of the countries surveyed for the state of financial crime. Some of the eye-openers include:
● 63% from organizations affected by financial crime said the most severe losses were incurred when an insider was involved in the fraud.
● 35% of respondents had no idea about the number of times their organizations had conducted a fraud risk assessment in the last 2 years.
● Corruption and bribery were pointed out as the most likely trends in organizations by 38% of respondents.
● While 36% claimed that an opponent of their organization got the upper hand in competition by paying a bribe, 22% said that they were asked for bribes.

Meanwhile, in Hong Kong and Macau –
● Money laundering and cybercrime are the most prominent themes.
● 50% claimed that cybercrime was the biggest threat to their organizations.
● 43% said their strategies against money laundering failed because organizations were unable to hire proficient, experienced people.

Singapore
Being a powerful investment banking hub, the nation has the most stringent compliance regulations. The recent 1 Malaysia Development Berhad (1MDB) bank fiasco and the subsequent lapses discovered in a number of banks that acted as a conduit for funds has severely challenged the nation’s risk compliance framework.

Alarming findings from recent surveys and other reports include:
● Rate of card fraud in the country is the 6th highest in the world and the 3rd highest in Asia-Pacific! About 66% of consumers were impacted in 2016.
● ACI Worldwide (a prominent payment solutions & electronic banking firm), reported that around 28% of its customers using debit cards, prepaid cards or credit cards experienced unauthorized transactions in 2014. In 2016, the number rose to 36%.
● Switzerland-based bank Falcon’s Singapore unit was shut down because of its involvement in the 1MDB debacle. The bank has been fined around 14 times a whopping $3.12 million for breaching anti-money laundering laws!
● While having a strong framework against money laundering, the country has failed to investigate any cases of terrorism financing despite having almost 780 potential leads.

Having noted the flaws in its defence mechanism, the country has pledged to further fortify it. But the constantly changing regulatory standards are making it harder to devise a comprehensive financial crime compliance strategy.

Some of the key requirements in these standards include:
● Creation of an effective FCC target operating model, especially for complex businesses
● Strict adherence to the 3-line “front office, audit and compliance” defence principle
● Demonstrable supervision and governance by the management
● Effective risk assessment and management

Philippines
Another South Asian country that is yet to achieve 100% compliance with respect to economic crime is Philippines. Regardless of its seemingly effective strategies against financial crime, banks in Philippines country are very often targeted by cyber criminals. PwC’s economic crime survey reveals:
● Around 36% of firms in Philippines are vulnerable to economic crime.
● More than 25% of respondents who participated in the survey, claimed they have had to pay bribes more often than their regional or global counterparts.
● Over 50% of respondents don’t have faith in law enforcement when it comes to combating financial crime.

Thailand
The situation in Thailand regarding financial crime is no better. In a survey by PwC, the response of whether they experienced financial fraud in 2016 was a 26% yes.
While most firms seem to have a defence strategy against financial crime and money laundering in place, many are blissfully ignorant about the repercussions of fraud.
Respondents were also asked to opine about the factors which contributed to fraud. While 24 % said that financial fraud is mainly motivated by the incentive (a person is likely to receive on misappropriating assets), 64% said that the opportunity to commit fraud – which only employees have – is the main factor.
6% claimed that rationalization, due to which a person commits a fraud and justifies the same, is the main cause.

Vietnam
Investments in Vietnam certainly have advantages owing to recent measures such as revision of Land Law (2013), Investment Law (2014) as well as Enterprise Law (2014).
But prevalent compliance risks pose a vital question – are these investments secure enough? Statistics from recent reports show that:
● Corruption is the greatest hurdle for financial investments in Vietnam.
● Regulatory standards are intricate and often confusing for investors.
● Laws against employee embezzlement or thefts haven’t been enforced properly.
● Around 68% of private firms in the country are able to get contracts only by paying bribes.

Arresting the Trend
There’s little doubt that the situation is a bit like a bomb waiting to go off. With Money Laundering leading the charge followed by Corruption/Internal Fraud & Card Fraud, the situation may seem bleak but not entirely unsalvageable.

While there are several actionable ideas, 4 of them that stand out are –

1. Push for a Regulator-level Transformation.
Assess risks associated with terrorism financing and money laundering, and co-develop a policy to mitigate them. Regulatory bodies must come out with a firm long-standing stance on anti-fraud measures that banks can readily implement. Frequent changes in policy causes considerable operational disruption which inadvertently causes breaches in a bank’s protection systems.
2. View Top-line Growth (upsell / cross-sell) and Bottom-line Protection (losses from Fraud) as 2 sides of the same coin.
Make investments in fraud management to pay for itself because fraud management and cross-sell are actually the ‘yin and yang’ (of risk management and revenue growth). Banks can reuse the in-memory data to offer simultaneous real-time cross-sell and upsell to customers using the same computed memory of fraud management. So the same contextual interventions at play in a real-time, cross-channel fraud prevention solution can also be used to generate revenue.

3. Unify your Bank’s Anti-Fraud & AML Departments into a Single ‘Financial Crimes Department’.
Currently the 2 departments are separate due to the genesis of each. The AML/CFT department was created to address regulatory requirements and the Anti-fraud cell was created within the Risk Department to help banks combat fraud. Money laundering and transactional fraud are closely correlated because transactional fraud is often a ‘predicate crime’ to money laundering. So, a cross-channel holistic approach is far superior because the system is strong in AML/CFT, Transactional Fraud Monitoring, and Enterprise Case Management. Operations can be exponentially more efficient by bringing the 2 departments together into a unified ‘Financial Crimes Department’.

4. Create a Federated, Asia-wide Anti-fraud Network.
Step up the fight to a regional level. A federated approach – specifically a pan-Asian anti-fraud network can be a useful strategy to consolidate, cross-pollinate and share intel among banks in the region. An interconnected framework allows member financial institutions to exchange authentic fraud intelligence in real-time, that can help detect and prevent potential crimes before they are perpetrated.

Data Sources:
1. https://www.pwc.com/sg/en/consulting/assets/economic-crime-survey/economic_crime_survey_2016_singapore.pdf
2. https://www.pwc.com/th/en/publications/2016/economic-crime-thailand2016.pdf
3. http://www.pwccn.com/en/services/consulting/forensic-services/publications/under-attack-are-organisations-doing-enough-to-tackle-the-cyber-threat.html
4. http://www.pwccn.com/en/migration/pdf/forensic-economic-crime-survey-2016.pdf
5. http://www.straitstimes.com/business/1-in-3-spore-consumers-victims-of-card-fraud
6. http://www.iflr.com/Article/3589987/Financial-crime-compliance-trends-in-Singapore.html
7. https://www.bloomberg.com/news/articles/2016-09-27/singapore-has-gaps-to-fill-in-money-laundering-fight-fatf-says
8. https://www.pwc.com/ph/en/consulting/assets/2016/pwcph-report-gecs-2016.pdf
9. http://www.corporatecomplianceinsights.com/cyber-fraud-on-the-rise-in-southeast-asia/
10. http://globalinvestigationsreview.com/insight/the-asia-pacific-investigations-review-2016/1024349/vietnam-compliance-risks

IndusInd Bank Turns Fraud Management into Revenue Stream by Using Insights from the Fraud Management Tool to Offer Real-Time Cross-Sell and Upsell to Customers

Clari5 customer IndusInd Bank realized that fraud and revenue can be 2 sides of the same coin, and converted this into an opportunity. The genesis of this platform was laid when the bank recognized the importance of integrating insights from different delivery channels into a single platform. To enable real-time detection across different online channels and products, it was essential for IndusInd Bank to correlate data from multiple systems and have an integrated view. [Read More]

Are banks using customers’ ‘Situational Intelligence’ for effective real-time fraud protection?


How can you make your bank’s customers control transactions on their accounts and use it as an effective fraud protection mechanism? Customer communication and preferences can be vital in detecting fraud early and costs far less.

Consider the following scenarios:

  • A customer is going on vacation to Switzerland for 2 weeks and he wants all the card transactions (debit card and credit card) originating from home country to be blocked for the next two weeks.
  • Customer wants all fund transfer (Third Party transfer) transactions originating from his internet banking account at any location in home country to be blocked for next 2 months as he is travelling to US for business.
  • Customer runs a domestic business and doesn’t travel abroad. The customer wants to disable any transaction originating abroad.
  • Customer wants all payee addition transactions to be blocked in his account till he turns this feature on (aka Facebook privacy settings).
  • Customer wants to be alerted of any attempt of transaction of more than a set limit with the option to respond with a decision to decline or authorize the transaction (aka. reverse positive payee used for cheque transactions in the commercial banking world).
  • Customer holds multiple credit cards and uses a specific credit card for all his ‘Card Not Present’ transactions (online payments). Customer wants all the CNP transactions to be blocked on all his other debit/credit cards.
  • Customer wants to block or fix specific limits for purchase of electronic or jewelry items on his debit/credit card.
  • Customer wants to limit the use of his debit card/credit card to any particular state/states within the country.

In all these scenarios, the bank customers provide the vital situational intelligence which can be built into the banks’ processes for effective fraud protection.  In turn, customers also benefit with the convenience of banking on their own terms and securing their accounts.

If you think this is too futuristic, you may be wrong. Reserve Bank of India’s expert committee on customer service in banking has published recommendations to this effect (Report of the committee on customer service in banks). We might see these recommendations getting implemented by Indian banks very soon.

Bank’s core system i.e. core banking, internet banking and credit card processing systems, however modern they may be, are ill-suited to handle this kind of agility. Current generation systems can at the best match a transaction to a bank maintained blacklist and stop a transaction when an entity match occurs.

Banks need to handle this using agile fraud management system which can take this situation intelligence into consideration as part of its decision making strategy for fraud protection. What banks need is a dynamic fraud management system that can digest the relevant information about the debit blocks/limit preferences customer has opted for the given time period and the same system is used for real-time fraud protection.

A real-time fraud protection system monitors every transaction and decides whether to allow, decline or challenge based on the fraud risk system inherently derives or based on the customer provided situational intelligence. This is an example of a technology that can truly achieve the dual objectives of enhanced customer experience and improved fraud control.

How do you see your institution using customer context based intelligence for better fraud prevention?

Clari5 Debuts in Sri Lanka at Risk Symposium 2017, Colombo

Risk Symposium 2017, Colombo

19 – 20 June, 2017

Cinnamon Lakeside, Colombo

Clari5 was a key sponsor of the Sri Lanka Association of Banking Sector Risk Professionals’ Risk Symposium 2017, held on 19 and 20 June, at Cinnamon Lakeside, Colombo. The theme of the event was ‘Risk Management for sustainable value creation’. We articulated how Sri Lankan banks can tackle the growing financial crime threat with an unconventional ‘central nervous system’ approach and shared risks related to digitization in the subsequent panel discussion on ‘quantification of risk – scenario analysis’.